<?php
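	session_start();

	include("std_dbs.php");

// Status text echoed in red above the review list further down the page.
// Initialise it only if nothing earlier set it, so a plain page load never
// echoes an undefined variable.
if(!isset($message))
{
	$message = '';
}

if(isset($_POST['submitToFav']))
{
	// Hand the submitted values to myfavorites.php through the session, then redirect.
	// NOTE(review): addslashes() is kept only because myfavorites.php is not visible
	// from this file and may expect this format. Backslash escaping is not valid
	// quoting for Oracle SQL, so the receiving page should bind these values rather
	// than concatenate them into a statement.
	$_SESSION['title'] = addslashes(isset($_POST['title']) && is_string($_POST['title']) ? $_POST['title'] : '');
	$_SESSION['rating'] = addslashes(isset($_POST['rating']) && is_string($_POST['rating']) ? $_POST['rating'] : '');
	$_SESSION['comment'] = addslashes(isset($_POST['comment']) && is_string($_POST['comment']) ? $_POST['comment'] : '');
	header('Location: myfavorites.php');
	exit;
}
else if(isset($_POST['submit']))
{
	// Take the fields as plain strings. They reach Oracle only as bind variables
	// below, so no SQL escaping is applied here (addslashes() does not protect an
	// Oracle statement: Oracle quotes a quote by doubling it, not with a backslash).
	$title = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
	$rating = (isset($_POST['rating']) && is_string($_POST['rating'])) ? $_POST['rating'] : '';
	$comment = (isset($_POST['comment']) && is_string($_POST['comment'])) ? $_POST['comment'] : '';
	unset($_POST['submit']);

	if(!isset($_SESSION['userid']) || $_SESSION['userid'] === '')
	{
		// The "Add A Review" form is only rendered for signed-in users, but hiding
		// the form does not stop a direct POST; enforce the requirement here too.
		$message = "You must sign in to post a review!<br />";
	}
	else if($title === '')
	{
		$message = "You must enter a valid movie title!<br />";
	}
	else if(!is_numeric($rating) || $rating > 5 || $rating < 0)
	{
		// NOTE(review): a rating of 0 passes this check although the message and the
		// form both describe a 1-5 scale; confirm which is intended.
		$message = "The rating must be numeric, on a scale from 1 to 5.<br />";
	}
	else
	{
		$userId = $_SESSION['userid'];

		// Look up the movie id for the usercontent insert. The title is bound,
		// never concatenated into the statement text.
		$movId = "";
		$stid = oci_parse($connect, "SELECT MOVID FROM MOVIES WHERE MOVTITLE = :p_title");

		if($stid && oci_bind_by_name($stid, ':p_title', $title) && oci_execute($stid))
		{
			// If several rows match, the last one wins (same as before).
			while(($row = oci_fetch_array($stid)) !== false)
			{
				$movId = $row[0];
			}
		}

		if($movId == "")
		{
			// The title is request data echoed back into the page: escape it for HTML.
			$message = "\"" . htmlspecialchars($title, ENT_QUOTES) . "\" was not found.  You may only review movies we have listed.<br />";
		}
		else
		{
			// Every user-influenced value is a bind variable; only constants stay inline.
			$query = "INSERT INTO UserContent VALUES (:p_userid, :p_movid, DEFAULT, '2', SYSDATE, :p_rating, :p_comment)";

			$stid = oci_parse($connect, $query);
			$r = $stid
				&& oci_bind_by_name($stid, ':p_userid', $userId)
				&& oci_bind_by_name($stid, ':p_movid', $movId)
				&& oci_bind_by_name($stid, ':p_rating', $rating)
				&& oci_bind_by_name($stid, ':p_comment', $comment)
				&& oci_execute($stid);

			if (!$r)
			{
				// Keep database error details in the server log; the page only shows
				// a generic message so SQL text is never disclosed to the visitor.
				$e = $stid ? oci_error($stid) : oci_error($connect);
				if($e)
				{
					error_log("reviews.php insert failed: " . $e['message']);
				}
				$message = "There was an error while adding your review!  Try removing special characters.";
			}
			else
			{
				// oci_commit() needs the connection resource; calling it with no
				// argument is an error.
				oci_commit($connect);
				$message = "The review has been added.<br />";
			}
		}
	}
}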

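// Raw request value, read defensively so a first page load (no POST data) does not
// touch an undefined index. It is untrusted: do not place it in SQL or HTML as-is.
// The listing code further down re-reads it from $_POST before building its query.
$sortOrder = isset($_POST['sortOrder']) ? $_POST['sortOrder'] : '';

	// From here on $title holds the page title, replacing any submitted movie title.
	// NOTE(review): presumably header.php reads $title; confirm against that file.
	$title = "Read Reviews";
	include('header.php');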

?>
	
<!-- start content -->
	<div id="content">	
		<div class="post">
                        <h1 class="title"><a href="#">Search Movie Reviews</a></h1><br />
				<b>Leave the title box blank to view all reviews! (Capitalization Counts!)</b><br />   
				<form name="sortReviews" method="post" action="reviews.php">
				Title: <input type="text" name="title" /> Sort By: <select name='sortOrder'>
					<option value='CREATEDATE DESC' selected>Date</option>
					<option value='MOVTITLE ASC'>Movie</option>
				</select>    
				<input type='submit' value='Sort' name='sort'><br /><br />                    
				</form>
				<font color='red'><?php echo $message; ?></font>
		<?php
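			// Review listing: optional title filter plus a sort order chosen in the form above.
			$userId = isset($_SESSION['userid']) ? $_SESSION['userid'] : null;

			// ORDER BY cannot take a bind variable, so the requested value is accepted
			// only if it is exactly one of the options the form offers. Anything else
			// (including a missing value) falls back to the default.
			$allowedSortOrders = array('CREATEDATE DESC', 'MOVTITLE ASC');
			$requestedSort = (isset($_POST['sortOrder']) && is_string($_POST['sortOrder'])) ? $_POST['sortOrder'] : '';
			$sortOrder = in_array($requestedSort, $allowedSortOrders, true) ? $requestedSort : "CREATEDATE DESC";

			// The title filter is passed as a bind variable; an empty filter matches every title.
			$title = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';

			//build query
			$query = "SELECT USERID, CREATEDATE, RATING, TEXT, MOVTITLE, IMGCOVER FROM UserContent INNER JOIN Movies ON UserContent.MOVID = MOVIES.MOVID"
				. " WHERE CONTENTTYPE = '2' AND MOVTITLE LIKE '%' || :p_title || '%' ORDER BY " . $sortOrder;

			//Prepare and execute query
			$stid = oci_parse($connect, $query);
			$r = $stid && oci_bind_by_name($stid, ':p_title', $title) && oci_execute($stid);

			if (!$r)
			{
				// Details go to the server log only; the visitor sees a generic message.
				$e = $stid ? oci_error($stid) : oci_error($connect);
				if($e)
				{
					error_log("reviews.php listing failed: " . $e['message']);
				}

				// The status line above the form has already been printed by this point,
				// so the message is echoed here as well; assigning it alone would never show it.
				$message = "There was an error while grabbing the review!";
				echo "<font color='red'>" . $message . "</font>";
			}
			else
			{
				//Display results
				echo "<table width='95%' id='reviewTable'><tr style='font-weight:bold'>
					<td>Date:</td><td>User ID:</td><td>Title:</td><td>Rating:</td><td width='300px'>Comments:</td></tr>";

				// Columns in display order. IMGCOVER is selected but not shown.
				$displayColumns = array('CREATEDATE', 'USERID', 'MOVTITLE', 'RATING', 'TEXT');

				while(($row = oci_fetch_array($stid, OCI_ASSOC)))
				{
					$cells = '';
					foreach($displayColumns as $column)
					{
						// NULL columns are absent from the row unless OCI_RETURN_NULLS is requested.
						$value = isset($row[$column]) ? $row[$column] : '';

						// Review text, user ids and titles are stored user input: escape every
						// value for HTML so stored markup or script is shown as text, not run.
						$cells .= "<td>" . htmlspecialchars($value, ENT_QUOTES) . "</td>";
					}

					echo "<tr>" . $cells . "</tr>";
				}

				echo "</table>";
			}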
		?>
		</div>
		<div class='post'>
                        <div class='entry'>
                                <h1><a href='#'>Add A Review</a></h1>
		
<?php

// "Add A Review" panel: visitors without a session user get a sign-in notice,
// signed-in users get the review form. Both branches close the two <div>s
// opened just above this block.
// NOTE(review): the form carries no anti-CSRF token and the submit handler at
// the top of this file does not check for one.
if(!isset($_SESSION['user']))
{
	echo "You must sign in to post a review!</div></div>";
}
else
{
	echo "				<form name='addReview' method='post' action='reviews.php'>
                        		Movie Title:<br />
					<input type='text' name='title' /><br />
					User Comment:<br />
					<input type='text' name='comment' /><br />
					Rating:<br />
                                                        <select name='rating'><option value='1'>1</option><option value='2'>2</option>
                                                        <option value='3'>3</option><option value='4'>4</option><option value='5'>5</option></select><br /><br 
/>
					<input type='submit' value='Add Review' name='submit'>
					</form>
                        </div>
                </div>";
}
?>
	</div>		
	
<!-- end content -->

<?php include('footer.php'); ?>
